Login failure on Management UIs
If you are able to access the Management UIs login page, but the login attempt is failing.
Note: If you are on VMware, some of the following checks involve running
kubectl commands on your VMs. To access your VMs for running
kubectl commands:
- SSH to one of your subsystem VMs as the user 'apicadm', for example:
ssh apicadm@mgmt1.example.com
- Sudo to the root user:
sudo -i
- From here you can run
kubectl
commands, for example:# kubectl get pods NAME READY STATUS RESTARTS AGE abc-management-analytics-proxy-5f8bcd74c4-jbhch 1/1 Running 1 (97d ago) 113d ...
- API Connect pods run in
the default namespace on VMware, so you do not need to specify the namespace with
-n
in the kubectl commands.
Check the logs of the
juhu
and apim
pods at the time of the
login attempt to confirm that the login attempt did reach the Management subsystem. For more
information on the juhu
logs see Unable to access Management UIs. If the login attempt
reached the Management subsystem, more details of the login failure for Local User Registry users
can be found in the lur
pod logs, and for LDAP users in the ldap
pods. Example:# kubectl logs abc-management-lur-8bbc47b54-9vl8q --since=1m -f
...
2022-05-27T13:41:13.511Z audit [4d55be1800dcef18c64e0470484e6eac] START: >>>>>>>> [POST]: /user-login
2022-05-27T13:41:13.704Z lur:error [4d55be1800dcef18c64e0470484e6eac] Requested login, but user, notauser not found in user registry,
2022-05-27T13:41:13.706Z bhendi:error [4d55be1800dcef18c64e0470484e6eac] Error in POST post:/user-login (user.js:login)
- status : 401
...